UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

SSL Error: certificate is not yet valid.?

https://forums.unrealircd.org/viewtopic.php?t=927

Page 1 of 1

SSL Error: certificate is not yet valid.?

Posted: Sun Sep 26, 2004 7:13 pm
by lennon
Hi all,
I have a problem whit SSL clients connection.
My machine : Slackware 9.0(2.4.20) whit OpenSSL 0.9.7d
Unreal version 3.2.1

In my unrealircd.conf I have this:

Code: Select all

  listen         XX.XX.XX.XX:9999
  {
        options
        {
               clientsonly;
               ssl;
        };
  };
and this:

Code: Select all

.............................
.............................
        };
                                                                                                                                                                     
        ssl {
                certificate server.cert.pem;
                key server.key.pem;
         };
                                                                                                                                                                     
        spamfilter {
..............................
..............................
My ircd server startup is ok:

Code: Select all

Starting UnrealIRCd
 _   _                      _ ___________  _____     _
| | | |                    | |_   _| ___ \/  __ \   | |
| | | |_ __  _ __ ___  __ _| | | | | |_/ /| /  \/ __| |
| | | | '_ \| '__/ _ \/ _` | | | | |    / | |    / _` |
| |_| | | | | | |  __/ (_| | |_| |_| |\ \ | \__/\ (_| |
 \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
                           v3.2.1
                     using TRE 0.6.8
                     using OpenSSL 0.9.7d 17 Mar 2004
                     using zlib 1.1.4
 
* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
* Dynamic configuration initialized .. booting IRCd.
---------------------------------------------------------------------
When I connect whit Xchat 2.4.0 whit my linux machine I have this error:

Code: Select all

................................
................................
[21:12] ---   Public key algorithm: rsaEncryption (1024 bits)
[21:12] ---   Public key algorithm uses ephemeral key with -1073743952 bits
[21:12] ---   Sign algorithm md5WithRSAEncryption (0 bits)
[21:12] ---   Valid since Sep 26 22:49:36 2004 GMT to Sep 26 22:49:36 2005 GMT
[21:12] --- * Cipher info:
[21:12] ---   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
[21:12] --- Connection failed. Error: certificate is not yet valid.? (9)
and the ircd logs send me this:

Code: Select all

[21:12] --- Exiting ssl client [@XX.XX.XX.XX.55720]: SSL_read(): Underlying syscall error
I have allready check "Accept invalid certificate" in xchat options. I try to connect whit different client.
Any ideas?

PS: sorry for my bad english

Posted: Sun Sep 26, 2004 10:19 pm
by shell
Look at your timestamp, then look at the date + time the cert is valid for.

Are you and the server in different time zones or something?

Posted: Sun Sep 26, 2004 11:13 pm
by lennon
Today I'm able to connect:

Code: Select all

..............................
[01:15] --- * Verify E: self signed certificate.? (18) -- Ignored
[01:15] --- Connected. Now logging in..
.............................
Thanks a lot shell :wink:

Posted: Thu Nov 11, 2004 5:51 am
by agel
shell wrote:Look at your timestamp, then look at the date + time the cert is valid for.

Are you and the server in different time zones or something?
sorry, but... how fix it? :oops:

Posted: Thu Nov 11, 2004 6:34 am
by agel
cool, i fix it, but now i see this:

--- Connection failed. Error: self signed certificate.? (18)

i accept bad cert and problem has solve... emmm.. now, how me make "good" cert?

Posted: Thu Nov 11, 2004 10:43 am
by Dukat
You'd have to buy it, e.g. from verisign (http://www.verisign.com/) :?

Posted: Thu Nov 11, 2004 12:41 pm
by agel
maby some 'robingoods' write free tool to generate it? ((:
this real?

Posted: Thu Nov 11, 2004 2:12 pm
by agel
»»

anybody talk me, how use it?: http://www.opennet.ru/docs/HOWTO/SSL-Ce ... tml#AEN127

dont think, that i lamo, i nowbie (more advice nowbie (:) (:, and i VERY VERY WANT FREEEE ssl cert! i assurance, that is real.. (:

Posted: Thu Nov 11, 2004 2:37 pm
by Ron2K
agel wrote:cool, i fix it, but now i see this:

--- Connection failed. Error: self signed certificate.? (18)

i accept bad cert and problem has solve... emmm.. now, how me make "good" cert?
Erm, what about CAcert.org (or whatever that site is that's mentioned at the end of ./Config)?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited